From: Steve G <linux_4ever@yahoo.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SE Linux <selinux@tycho.nsa.gov>, Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: [PATCH] Lazy config init in libselinux
Date: Mon, 26 Feb 2007 15:21:29 -0800 (PST)	[thread overview]
Message-ID: <533629.57299.qm@web51509.mail.yahoo.com> (raw)
In-Reply-To: <1172524723.19041.286.camel@moss-spartans.epoch.ncsc.mil>

[-- Attachment #1: Type: text/plain, Size: 1027 bytes --]

>Not familiar with it - enlighten me.  How does it differ from a
>constructor?  How does it work?

It's a wrapper around pthread_once. pthread_once guarantees that something gets
executed only one time; IOW it can be used as an on-demand constructor.
libselinux does not need to link against pthreads, so that does not change.
Here's the tested patch.

I added the following audit rule "-w /etc/selinux/config -k selinux-config". Then
rebooted and run "ausearch --start recent -k selinux-config --raw | aureport
-executable --summary" to see which programs were accessing selinux config files.
You might have to adjust your start time instead of using "recent". But anyways
it does cut the use. The speedup varies with the work load. I think things that
are heavy in ls, cp, mv, mount, id, find, etc are likely to have the most
benefit.

-Steve


 

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 2117138420-libselinux-2.0.4-lazy-config.patch --]
[-- Type: text/x-patch; name="libselinux-2.0.4-lazy-config.patch", Size: 2389 bytes --]

diff -urp libselinux-2.0.4.orig/src/selinux_config.c libselinux-2.0.4/src/selinux_config.c
--- libselinux-2.0.4.orig/src/selinux_config.c	2007-02-25 14:52:16.000000000 -0500
+++ libselinux-2.0.4/src/selinux_config.c	2007-02-26 18:01:58.000000000 -0500
@@ -7,8 +7,10 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <unistd.h>
+#include <errno.h>
 #include "selinux_internal.h"
 #include "get_default_type_internal.h"
+#include <bits/libc-lock.h>
 
 #define SELINUXDIR "/etc/selinux/"
 #define SELINUXCONFIG SELINUXDIR "config"
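Review bot: `#include <bits/libc-lock.h>` pulls in a glibc implementation header rather than a documented public interface, so the `__libc_once_define` / `__libc_once` macros used by the later hunks tie libselinux to one C library and to whatever that header happens to export. If the dependency is deliberate, say so at the include, e.g. `/* glibc-internal: gives __libc_once without linking libpthread; no stability guarantee */`. A build-time check for the header, with a fallback to the old constructor, would keep other libcs building.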
@@ -93,6 +95,11 @@ static const uint16_t compat_file_path_i
 
 static int use_compat_file_path;
 
+/* Protect the configuration variables */
+__libc_once_define(static, once);
+static void init_selinux_config(void);
+
+
 int selinux_getenforcemode(int *enforce)
 {
 	int ret = -1;
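Review bot: The comment `/* Protect the configuration variables */` overstates what the once-control does: it only makes init_selinux_config run a single time, and it only covers callers that invoke it before reading selinux_policyroot, selinux_rootpath, selinux_policytype or use_compat_file_path. I would word it as `/* One-time, on-demand init of the config variables; every accessor must call __libc_once(once, init_selinux_config) before reading them */` so that a future accessor added without the call is recognisably a bug. The file-scope name `once` is also very generic; something like `config_once` reads better at the call sites. selinux_getenforcemode's body continues outside this hunk.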
@@ -144,6 +151,8 @@ static char *selinux_policytype;
 
 int selinux_getpolicytype(char **type)
 {
+	__libc_once(once, init_selinux_config);
+
 	if (!selinux_policytype)
 		return -1;
 	*type = strdup(selinux_policytype);
@@ -155,7 +164,6 @@ hidden_def(selinux_getpolicytype)
 static char *selinux_policyroot = NULL;
 static char *selinux_rootpath = NULL;
 
-static void init_selinux_config(void) __attribute__ ((constructor));
 
 static void init_selinux_config(void)
 {
@@ -167,12 +175,6 @@ static void init_selinux_config(void)
 
 	if (selinux_policyroot)
 		return;
-	if (access(SELINUXDIR, F_OK) != 0) {
-		selinux_policyroot = SECURITYDIR;
-		selinux_rootpath = SECURITYDIR;
-		use_compat_file_path = 1;
-		return;
-	}
 
 	selinux_rootpath = SELINUXDIR;
 	fp = fopen(SELINUXCONFIG, "r");
@@ -226,6 +228,11 @@ static void init_selinux_config(void)
 		}
 		free(line_buf);
 		fclose(fp);
+	} else if (errno == ENOENT && access(SECURITYDIR, F_OK) == 0) {
+		selinux_policyroot = SECURITYDIR;
+		selinux_rootpath = SECURITYDIR;
+		use_compat_file_path = 1;
+		return;
 	}
 
 	if (!type) {
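Review bot: The new `else if (errno == ENOENT && access(SECURITYDIR, F_OK) == 0)` branch changes the condition under which the legacy tree is selected. The check removed earlier in init_selinux_config keyed on SELINUXDIR being absent, while this one keys on SELINUXCONFIG being absent. A system that has /etc/selinux/ but no config file, plus an existing SECURITYDIR, would therefore now resolve its policy root and file paths to the compat location. If that is intended, a comment should say so, e.g. `/* No config file: use the legacy SECURITYDIR layout if it is present */`. The `errno` test is only reliable if nothing runs between the failed fopen() and this branch; the opening `if (fp)` is outside the hunk, so that is worth confirming. Other fopen() failures such as EACCES appear to fall through silently to the `if (!type)` default.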
@@ -268,6 +275,7 @@ static void fini_selinux_policyroot(void
 
 static const char *get_path(int idx)
 {
+	__libc_once(once, init_selinux_config);
 	if (!use_compat_file_path)
 		return file_paths[idx];
 
@@ -283,11 +291,13 @@ hidden_def(selinux_default_type_path)
 
 const char *selinux_policy_root()
 {
+	__libc_once(once, init_selinux_config);
 	return selinux_policyroot;
 }
 
 const char *selinux_path()
 {
+	__libc_once(once, init_selinux_config);
 	return selinux_rootpath;
 }
 
